1. Field of the Invention
The present invention relates to a data storage device and a data storage method, and relates to a data storage device and a data storage method which can manage resources of IC cards and perform access control to IC cards with high flexibility and security in a case where a plurality of managers supply their services by using an IC (Integrated Circuit) card.
2. Description of the Related Art
For example, an IC card (smart card) which is expected to be used in an electronic money system, a security system, etc. has been developed.
The IC card has a CPU (Central Processing Unit) for performing various kinds of processing and a memory for storing data necessary for the processing, and data transmission/reception to/from the IC card is performed while it is electrically connected to a predetermined reader/writer (R/W) or under a non-contact state by using electromagnetic wave. An IC card which performs data transmission/reception with R/W under non-contact state by using electromagnetic wave is generally supplied with necessary power through electromagnetic wave.
For example, in ISO (International Organization for Standardization) 7816, the standard of contact type IC cards is defined. According to this standard, the data management can be performed on the basis of, for example, EF (Elementary File) (corresponding to a so-called file) for storing data and DF for storing EF and DF (Dedicated File) (corresponding to a so-called directory (folder)). Accordingly, the data management based on the layer structure is possible by setting some DF as a parent layer and providing DF of a child layer thereof.
When IC cards are used for the service supply by plural managers, there may be considered a method of allocating DF as a layer to each of the plural managers and storing EF as data to be supplied for the service supply of each manager in the DF.
However, it is difficult in ISO7816, etc. to restrict the usable capacity and the resources of the IC card such identification codes for identifying DF and EF (corresponding to a file name and a directory name) every DF.
Therefore, it is difficult to prevent an identification code from being duplicated between different managers, and also it is difficult to restrict a manager from using a memory contained in an IC card by a capacity exceeding a predetermined capacity which is determined through a contract or the like.
Further, in a case where IC cards are used in an electronic money system or security system, securities such as secrecy of data, prevention of forgery of IC cards, etc. are important, and for example, ISO7816, an access to DF and EF belonging to DF is restricted by locking DF. That is, in ISO7816, in order to access some DF, it is necessary to know all the DF keys of upper layers (parent layers) on the bus extending to the DF concerned.
Therefore, for example, when some manager serving as a parent manager shares a part of resources allocated thereto to another manager serving as a child manager and DF managed by the child manager is formed in DF managed by the parent manager, in order for the child manager to access the DF thereof, the child manager is required to know a key to access the DF of the parent layer, that is, the DF of the parent manager, and there occurs a problem in security.